Cybersecurity company Acronis is warning that a now-patched critical security flaw impacting its Cyber Infrastructure (ACI) product has been exploited in the wild.
The vulnerability, tracked as CVE-2023-45249 (CVSS score: 9.8), concerns a case of remote code execution that stems from the use of default passwords.
The flaw impacts the following versions of Acronis Cyber Infrastructure (ACI) –
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
- < build 5.0.1-61
- < build 5.1.1-71
- < build 5.2.1-69
- < build 5.3.1-53, and
- < build 5.4.4-132
It has been addressed in versions 5.4 update 4.2, 5.2 update 1.3, 5.3 update 1.3, 5.0 update 1.4, and 5.1 update 1.2 released in late October 2023.
There are currently no details on how the vulnerability is being weaponized in real-world cyber attacks and the identity of the threat actors that may be exploiting it.
However, the Swiss-headquartered company acknowledged reports of active exploitation in an updated advisory last week. “This vulnerability is known to be exploited in the wild,” it said.
Users of affected versions of ACI are recommended to update to the latest version to mitigate potential threats.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Some parts of this article are sourced from:
thehackernews.com